AAPT subject of data breach
- 26 July, 2012 16:09
Internet service provider (ISP), AAPT, has confirmed that it was the target of a data breach which affected some AAPT business customer data stored on servers in Melbourne.
AAPT CEO, David Yuile, said in a statement that the incident was brought to its attention by service provider, Melbourne IT, at approximately 9:30pm (AEST) last night.
“Preliminary findings suggest it was two files that were compromised and the data is historic, with limited personal customer information,” he said.
“Further, the servers on which the files were stored have not been used or connected to AAPT for at least 12 months.”
Hacktivst group, Anonymous, which had threatened to release 40GB of data from an ISP in protest over the Australian Government’s proposed data retention laws--which could mean every internet users' entire Web history is logged and stored for up to two years--posted a message on its Par:AnoIA Twitter account:
“Apparently rumors are spreading much already. Let us point the attention to this link: http://en.wikipedia.org/wiki/AAPT.”
Operation Australia recently tweeted, “We can promise you. That the leak is not fake. We know, and the certain ISP knows.”
IBRS analyst, James Turner, told CIO Australia that the issue for AAPT is that an alleged group of hackers is attacking a third party and then claiming the attack is a political statement.
“It's like stealing an individual's car and then saying it was a protest against the number of red light cameras,” he said.
“Whoever committed this attack clearly hadn't thought through what they were doing, and certainly not why they were doing it. This attack actually helps support the government's case.”
According to Turner, attacks against civilians, or in this case an unrelated organisation, merely galvanises the Australian Government’s resolve to not be beaten.
“It’s likely that public support for ISPs being made to track user activity will actually increase -- as a direct result of this attack.”
Earlier in the week, Anonymous claimed credit for taking down at least 10 Queensland government websites in protest over the proposed data retention rules.
According to a blog posting entitled Par:Onia members of the group used an authentication bypass to loot some “booty” from Queensland government servers which, according to Anonymous, showed how the Australian government was monitoring citizen's activity online.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow CIO Australia on Twitter: @CIO_Australia
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- OAIC releases privacy impact assessment guide for consultation
- Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey
- BYOA 'shadow IT' grows in the enterprise: Telsyte
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- How Hunter Water is saving $50k a year in software licences
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Cloud-Based Mobile Device Security Streamlines Data Protection
Read this white paper to learn why cloud-based security offers superior protection that meets today’s requirements for identifying and preventing access to malicious sites and applications while reducing management complexity and IT staff time and effort. This whitepaper discusses: • Increased use of mobile devices and the associated risks • Ways to address security challenges • Benefits of cloud-based anti-malware solutions
Bell Gully Law Firm Success
Read this whitepaper to find out how one of New Zealand’s oldest leading law firms was able to remove tangible risk to the business and enhance productivity by rapidly deploying an improved fundamental Unified Communication solution.
Best Practices in Data Protection Monitoring
This whitepaper discusses best practice in data protection monitoring, with a focus on recoverability and visibility as significant drivers for success. Whether backing up a private cloud or several smaller environments, learn how a unified view is necessary for proactively reporting protection, compliance to auditors, and understanding overall data protection health, performance, and reliability.